Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update
Google on Wednesday announced a Chrome 115 update that patches 17 vulnerabilities, including 11 flaws reported by external researchers.
The browser update resolves three high-severity type confusion bugs in the V8 JavaScript and WebAssembly engine that earned the reporting researchers over $60,000 in bug bounties, Google notes in its advisory.
The internet giant says it handed out $43,000 in rewards to a security researcher named ‘Jerry’, who reported two of these V8 issues, tracked as CVE-2023-4068 and CVE-2023-4070.
A $21,000 bug bounty was awarded to Man Yue Mo of GitHub Security Lab, for reporting the third type confusion bug, tracked as CVE-2023-4069.
The latest Chrome update resolves six other high-severity vulnerabilities. Based on the paid bug bounties, the most severe of these is CVE-2023-4071, a heap buffer overflow bug in Visuals.
Next in line is an out-of-bounds read and write issue in WebGL (CVE-2023-4072), followed by an out-of-bounds memory access flaw in the ANGLE graphics engine abstraction layer (CVE-2023-4073).
The remaining three high-severity security defects that were externally reported are use-after-free vulnerabilities in Blink Task Scheduling, Cast, and WebRTC.
The latest Chrome iteration also resolves two medium-severity bugs in Extensions: an insufficient data validation and an inappropriate implementation issue.
Google says it handed out a total of $123,000 in bug bounty rewards to the reporting researchers.
The latest Chrome release is currently rolling out as version 115.0.5790.170 for Mac and Linux and as versions 115.0.5790.170/.171 for Windows.
Google makes no mention of any of these vulnerabilities being exploited in attacks.
Related: Chrome 115 Patches 20 Vulnerabilities
Related: Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?
Related: Chrome 114 Update Patches Critical Vulnerability
https://www.securityweek.com/google-awards-60000-for-v8-vulnerabilities-patched-with-chrome-115-update/